2568 matches found
CVE-2026-54088
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...
CVE-2026-52988
A flaw was found in the Linux kernel's netfilter component. This vulnerability involves a concurrency issue during updates to netfilter rulesets. When multiple updates occur simultaneously, improper synchronization could lead to unsafe data access during netlink dump list traversal. This could...
CVE-2026-53000
A flaw was found in the Linux kernel's netfilter component, specifically within the Network Address Translation NAT subsystem. This vulnerability involves improper memory management when releasing network filter operation structures. This could potentially allow an attacker to cause a system cras...
CVE-2026-54088 File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...
CVE-2026-53269
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...
CVE-2026-53269
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...
CVE-2026-53269
The CVE affects the Linux kernel netfilter synproxy subsystem. The issue arises when netfilter hooks are registered on-demand for the first iptables target or nftables expression and multiple threads concurrently attempt registration, risking a race in refcount management. The published fix intro...
EUVD-2026-39220
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...
CVE-2026-52811
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component —...
CVE-2026-52813 Gogs: Path Traversal in organization name results in RCE through Git hooks
Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...
CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...
CVE-2026-54686
Warp: CVE-2026-54686 enables DCS lifecycle hook spoofing in Warp’s PTY stream, allowing attacker-controlled terminal output to spoof lifecycle metadata (e.g., working directory, SSH transport metadata) for active sessions. Technical details in connected PoC describe additional remote command inje...
CVE-2026-53000
In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...
CVE-2026-52988
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...
CVE-2026-53000
CVE-2026-53000 affects the Linux kernel netfilter NAT path. The root issue is partial exposure of nf_hook_ops during error handling, which can lead to unsafe access to internal hook data via the datapath and nat dispatcher flow. Exploitation details are not provided in the documents, but the desc...
CVE-2026-53000 netfilter: nat: use kfree_rcu to release ops
In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...
CVE-2026-6292
CVE-2026-6292 affects the WordPress plugin MP Customize Login Page (versions ≤ 1.0). The issue is a CSRF vulnerability caused by a broken nonce validation in enter_mpclp_login_options() (inverted wp_verify_nonce() check and missing action parameter) and a settings-update handler hooked on init wi...
CVE-2026-6292 MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update
The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...
PT-2026-51894
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component of the Linux kernel, specifically within the Network Address Translation NAT subsystem. The issue stems from improper memory management when...
CVE-2026-44726
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...